| Software Defined Network(SDN) is a new infrastructure which decouples the control layer and the data layer. The centralized controller is the main advantage of SDN, which also causes single point of failure. Then, security in SDN has been raise.The application of SDN in Wireless Local Area Networks(WLAN) has also been an important research subject. A lot of security issues exist in traditional WLAN, such as Distributed Denial-of-Service(DDoS) attack, fake AP and so on. They are brought into SDN-based WLAN with SDN’s own security problem.In this paper, we study the DDoS attack detection system for Software Defined WLAN(SDWLAN). The objective is to offer a lightweight and effective detection algorithm. The existing attack detection systems are mainly based on statistics and machine learning. The former brings non-SDN detection methods into SDN and can not make effective use of SDN’s features. And the latter needs long time training which can’t adjust the fast reconfiguration of SDN.We are motivated to propose a new attack detection system in Software Defined WLAN, which is called Renyi-entropy-based DDoS attack detection system, to improve the detection performance and reduce the resource consumption. The proposed detection make effective use of SDN’s centralized control to simplify the collection of statistics. With these statistics, Renyi entropy is calculated to measure the randomness of the network and detect DDoS attack. Renyi-entropy-based detection system is implemented with a simple and effective algorithm. Extensive experiments are performed. The results show that the proposed detection system detects the DDoS attack more effectively and consumes less resources than the existing detection systems. |
PDF Full Text Request